GDPR - anyone here know much about it?

[dinny_g]

It's all going to be a bit of a minefield, post May 25th isn't it

[NotoriousREV]

Absolutely. Add in the cunts that will raise SARs requests etc. just because they can, or who will go through your privacy policy etc. looking for anything they think isn't right that will just create work. It's bad enough that I have to train the entire company in something they simply don't give a flying fuck about (I'm looking at you, Marketing and your latest tracking pixel!)

[dinny_g]

Retired Lawyers, that's who'll be playing silly buggers with the SAR's and RTF's

[Jobbo]

Oi, not just retired ones!

I've just had an online chat with Vodafone to make it clear I don't want to receive any more of their text message spam and surveys. Inspired by this thread, I've saved a copy of the chat so I can evidence my very clear opting out when they still send me annoying stuff after 25 May.

And if you think this is just deliberately playing games, it's not - they've been annoying me with random text surveys since I switched back to them last September; there's no way of opting out on my online account, I certainly didn't opt in and the texts are sent in such a way that replying 'STOP' won't send. If they'd done things properly in the first place they wouldn't have people like me setting this up to use against them.

[Jobbo]

FWIW I've been unsubscribing spam e-mails for the last couple of years with great success. Only current blatant failure is Mytyres (quelle surprise); when I get their spam now I try to unsubscribe and it tells me I'm already unsubscribed. So I'll be after them later this month too

[dinny_g]

The Customer Satisfaction Surveys is an interesting one. I don't think they need Consent currently - although sending them repeatedly isn't right.

Once a year for phone suppliers is "reasonable" I'd say...

[NotoriousREV]

I’ve been getting loads of pretty desperate recruiters repeatedly begging me to provide consent because they know full well they’ve never had it and are shit out of luck on the 25th.

[NotoriousREV]

@Jobbo: I’d agree with you that your particular case is not playing silly buggers. But, I've already had an email of one bloke telling me our privacy policy isn’t GDPR compliant, but then it turned out he was trying to offer his services as a GDPR consultant. To be fair, the PP at that time was a work in progress and thus semi-compliant.

[Simon]

Oi, not just retired ones!

I've just had an online chat with Vodafone to make it clear I don't want to receive any more of their text message spam and surveys. Inspired by this thread, I've saved a copy of the chat so I can evidence my very clear opting out when they still send me annoying stuff after 25 May.

And if you think this is just deliberately playing games, it's not - they've been annoying me with random text surveys since I switched back to them last September; there's no way of opting out on my online account, I certainly didn't opt in and the texts are sent in such a way that replying 'STOP' won't send. If they'd done things properly in the first place they wouldn't have people like me setting this up to use against them.

Good luck. I had a chat with Voda a few months ago to tell them I'd never ever buy their broadband because I have a specific set of reqs that very few ISPs meet, so to please stop sending me marketing mail about it.

They continue to this day. I'm collecting it all in my kitchen and will send it to their CEO's office on 26th with a 'polite' reminder.

[Jobbo]

Yes, I'm not expecting much from the conversation hence doing it as an online chat and saving a copy.

Dinny, whether or not they needed consent for surveys previously, if I expressly ask them not to contact me about such things then they're going to be in blatant breach of the new regs come 25 May. Even if they don't get a big fine they'll be forced to change their policies and procedures.

[dinny_g]

Absolutely Jobbo - bang on and a source of a bit of contention here. Headquarters have mandated we get consent for the CS surveys which means now we can now lose out on the opportunity to do them

[seb]

Thanks for all the responses chaps - not ignoring you, but not had a chance to read through and digest fully!

[NotoriousREV]

Thanks for all the responses chaps - not ignoring you, but not had a chance to read through and digest fully!

TL;DR You should've done this before now

[dinny_g]

But do still take it seriously, find out what you need to do and have a plan - regulators tend to look more favourably on those who are in breach but can demonstrate knowledge and control over the situation, than those who just find out about it in the processing of a complaint

[NotoriousREV]

Yeah, it's very unlikely you'd be at the top of the ICO's list to come and investigate and they've already said that they'll be taking a more advisory role at first where they can i.e. don't do something flagrantly abusive/stupid and they'll help you.

[Gwaredd]

I have no fucking idea what this all means for me. All I hold on file is my customers names & addresses (which can all be found on google anyway) in an encrypted folder on my PC, which is password protected. Nothing is held online & the only data I have of my suppliers is on a paper invoice which is stored in a locked office.

My questions are:

1) If someone hacks my PC and is able to open the encrypted folder, all it contains is what's available on google/yellow pages.

2) If someone breaks into my house & steals my invoice folder from my suppliers, is this breaking GDPR rules?

[Jobbo]

3) If you post something to the wrong address, is that a breach?

[NotoriousREV]

I have no fucking idea what this all means for me. All I hold on file is my customers names & addresses (which can all be found on google anyway) in an encrypted folder on my PC, which is password protected. Nothing is held online & the only data I have of my suppliers is on a paper invoice which is stored in a locked office.

My questions are:

1) If someone hacks my PC and is able to open the encrypted folder, all it contains is what's available on google/yellow pages.

2) If someone breaks into my house & steals my invoice folder from my suppliers, is this breaking GDPR rules?

If it's customer data your legal basis is contract. If the files are encrypted on the PC (and you have anti-virus and keep your security patches up to date), and your paper files are locked away, you'll be fine.

[JLv3.0]

Would it really have hurt you to have strung him along for a bit?

[NotoriousREV]

Would it really have hurt you to have strung him along for a bit?

How do you know that's the right answer?